Topic
  • 8 replies
  • Latest Post - ‏2013-08-08T08:51:35Z by Castiel
Castiel
Castiel
19 Posts

Pinned topic SIAuthenticationException (Process Designer log on)

‏2013-07-14T12:25:53Z |

Linux server hosting virtual CentOs machine (run by VMWare Player). Both WebSphere and BPMv8.0.1 run on the VM. iptables of the server set to portforward the port 9080, i.e., packets are transferred:

[public IP]:9080 -> [IP of the virtual interface's gateway]:9080 -> [IP of the virtual CentOs]:9080

and back again. (This was checked by WinDump/tcpdump on client Windows system, hence, I suppose firewall and blocked ports aren't issues - but only a guess. Also [public IP]:9080 in Firefox is reachable and is able to login inside ProcessCenter.)

However, while trying to login via Process Center, I get

Unable to establish connection with the Process Center. Please check your connection settings and verify that the server is running.

ae.log:

2013-07-12 13:11:17,102 [main] ERROR com.lombardisoftware.client.ae.core.TWAbstractPlugin  - An error has occurred.
javax.jms.JMSSecurityException: CWSIA0004E: The authentication for the supplied user name admin and the associated password was not successful.
    at [....]

Caused by: com.ibm.wsspi.sib.core.exception.SIAuthenticationException: CWSJR1072E: The supplied user name, admin, could not be authenticated.
    at [....]

It's twisting my mind for a couple weeks already. Any ideas, what's wrong? (E. g., is it somehow related to 2809 port & if so, how?)

  • kolban
    kolban
    3316 Posts

    Re: SIAuthenticationException (Process Designer log on)

    ‏2013-07-14T12:58:21Z  

    I think there are more ports used than 9080.  Examples might be 2809 for IIOP traffic and 9443 for SSL traffic.  Are you logging in as the admin user?  Obviously if you can login to the Process Center, it would appear that the password would be correct.  There are logs for Process Designer ... if I remember they are called "ae.log"?  Also, the "Eclipse.ini" file would be a useful thing to look inside.  Make sure that the fully qualified domain name of the server is known to the PC's running Process Designer.

  • Castiel
    Castiel
    19 Posts

    Re: SIAuthenticationException (Process Designer log on)

    ‏2013-07-15T09:46:15Z  
    • kolban
    • ‏2013-07-14T12:58:21Z

    I think there are more ports used than 9080.  Examples might be 2809 for IIOP traffic and 9443 for SSL traffic.  Are you logging in as the admin user?  Obviously if you can login to the Process Center, it would appear that the password would be correct.  There are logs for Process Designer ... if I remember they are called "ae.log"?  Also, the "Eclipse.ini" file would be a useful thing to look inside.  Make sure that the fully qualified domain name of the server is known to the PC's running Process Designer.

    Hi, kolban! ThanQ very much for your interest!

    • Yes, I do login as the admin; I even tried other non-admin account (added via ProcessAdmin, which is also reachable from webbrowser). Yet the same exception occurs. May not be relevant: neither log file
    /opt/ibm/BPM/v8.0.1/profiles/ProcCtr01/logs/server1/SystemOut.log
    

    (nor SystemErr.log) does not register any change. However, when a non-existing username or an existing username with wrong password is entered, everything is logged. Seems pretty weird.

    • Parts of "ae.log" were shown in my previous post. I also included it (together the latest orbtrc*.txt log file) in the attachment just FYI.
    • Of course, I know about "eclipse.ini". I already tried both IP address with the port and full DNS with the port, both with and without quotation marks " ... "
    • What do you mean by the last sentence of your post? Appropriate line in Windows 7's etc/hosts file? I already mapped DNS of the server to its IP address and then tried hostname of the image to the IP address of the server. Without any success :-(

    EDIT:

    1. Okay, I'm not entirely sure about the 3rd point (the one with ecplise.ini). I only tried port 9080 (with public IP of the Linux server) - is this correct?
    2. Is there any list of necessary ports to be opened (besides 9080, 2809, 9443)? And there should be opened on both the Linux server and the image, right?
    3. I'm still trying to fully comprehend your last statement Make sure that the fully qualified domain name of the server is known to the PC's running Process Designer. - this seems to be crucial for fixing the problem.

    Attachments

    Updated on 2013-07-15T17:14:04Z at 2013-07-15T17:14:04Z by Castiel
  • AndrewPaier
    AndrewPaier
    741 Posts

    Re: SIAuthenticationException (Process Designer log on)

    ‏2013-07-30T22:05:41Z  
    • Castiel
    • ‏2013-07-15T09:46:15Z

    Hi, kolban! ThanQ very much for your interest!

    • Yes, I do login as the admin; I even tried other non-admin account (added via ProcessAdmin, which is also reachable from webbrowser). Yet the same exception occurs. May not be relevant: neither log file
    <pre dir="ltr" style="margin-left: 40px;">/opt/ibm/BPM/v8.0.1/profiles/ProcCtr01/logs/server1/SystemOut.log </pre>

    (nor SystemErr.log) does not register any change. However, when a non-existing username or an existing username with wrong password is entered, everything is logged. Seems pretty weird.

    • Parts of "ae.log" were shown in my previous post. I also included it (together the latest orbtrc*.txt log file) in the attachment just FYI.
    • Of course, I know about "eclipse.ini". I already tried both IP address with the port and full DNS with the port, both with and without quotation marks " ... "
    • What do you mean by the last sentence of your post? Appropriate line in Windows 7's etc/hosts file? I already mapped DNS of the server to its IP address and then tried hostname of the image to the IP address of the server. Without any success :-(

    EDIT:

    1. Okay, I'm not entirely sure about the 3rd point (the one with ecplise.ini). I only tried port 9080 (with public IP of the Linux server) - is this correct?
    2. Is there any list of necessary ports to be opened (besides 9080, 2809, 9443)? And there should be opened on both the Linux server and the image, right?
    3. I'm still trying to fully comprehend your last statement Make sure that the fully qualified domain name of the server is known to the PC's running Process Designer. - this seems to be crucial for fixing the problem.

    Kolban is pointing you in the right direction.  There are a bunch more ports you need to open up in your firewall to get Process Designer Access.  Specifically the info center entry here calls out BOOTSTRAP_ADDRESS, ORB_LISTENER_ADDRESS, WC_Defaulthosts, and SIB_ENDPOINT_ADDRESS (typically 2809, 9100, 9080, and 7276 although those can shift if the installer detects any of those being used)

    Andrew Paier  |  Director  |  BP3 Global, Inc.
    BP3 Global's Website  |  Twitter  |  Linkedin  |  Google+  |  Blogs

  • Castiel
    Castiel
    19 Posts

    Re: SIAuthenticationException (Process Designer log on)

    ‏2013-08-05T09:29:42Z  

    Kolban is pointing you in the right direction.  There are a bunch more ports you need to open up in your firewall to get Process Designer Access.  Specifically the info center entry here calls out BOOTSTRAP_ADDRESS, ORB_LISTENER_ADDRESS, WC_Defaulthosts, and SIB_ENDPOINT_ADDRESS (typically 2809, 9100, 9080, and 7276 although those can shift if the installer detects any of those being used)

    Andrew Paier  |  Director  |  BP3 Global, Inc.
    BP3 Global's Website  |  Twitter  |  Linkedin  |  Google+  |  Blogs

    Hello Andrew! Thank you for your reply.

    I've been advised (many times) to do that which is why I've already done that several weeks ago. I checked it out in both WAS admin console and serverindex.xml file, which hint about 18 ports. All of them are opened now (in iptables firewall), packet-/bytecounters increase appropriately and I can access them (perhaps all of them) via telnet.

    I'm not sure - am I doing something wrong, Andrew?

  • AndrewPaier
    AndrewPaier
    741 Posts

    Re: SIAuthenticationException (Process Designer log on)

    ‏2013-08-06T21:50:19Z  
    • Castiel
    • ‏2013-08-05T09:29:42Z

    Hello Andrew! Thank you for your reply.

    I've been advised (many times) to do that which is why I've already done that several weeks ago. I checked it out in both WAS admin console and serverindex.xml file, which hint about 18 ports. All of them are opened now (in iptables firewall), packet-/bytecounters increase appropriately and I can access them (perhaps all of them) via telnet.

    I'm not sure - am I doing something wrong, Andrew?

    I'm not sure.  Have you confirmed it really isn't a username/password problem?  Is the server starting up "clean"?  If you did an 8.0.1 typicall install the security provider is in the DB and if the DB2 instance isn't responding, no one can login...

    Andrew Paier  |  Director  |  BP3 Global, Inc.
    BP3 Global's Website  |  Twitter  |  Linkedin  |  Google+  |  Blogs

  • Castiel
    Castiel
    19 Posts

    Re: SIAuthenticationException (Process Designer log on)

    ‏2013-08-07T07:25:13Z  

    I'm not sure.  Have you confirmed it really isn't a username/password problem?  Is the server starting up "clean"?  If you did an 8.0.1 typicall install the security provider is in the DB and if the DB2 instance isn't responding, no one can login...

    Andrew Paier  |  Director  |  BP3 Global, Inc.
    BP3 Global's Website  |  Twitter  |  Linkedin  |  Google+  |  Blogs

    As4 username/pw: These ones can connect successfully via Proces Center (in webbrowser). I even tried another account, same result (PC yes, PD no).

    As4 clean startup: When I start it, no peculiarities occur. Can you describe to me more explicitly, please, what do you mean by "clean"?

    As4 DB(2): It wasn't me who did the first installation (but I'm in contact with the guy) which is why I don't understand your statement very well - how do you check if this is a problem (DB2 not responding etc.)?

  • AndrewPaier
    AndrewPaier
    741 Posts

    Re: SIAuthenticationException (Process Designer log on)

    ‏2013-08-07T16:31:20Z  
    • Castiel
    • ‏2013-08-07T07:25:13Z

    As4 username/pw: These ones can connect successfully via Proces Center (in webbrowser). I even tried another account, same result (PC yes, PD no).

    As4 clean startup: When I start it, no peculiarities occur. Can you describe to me more explicitly, please, what do you mean by "clean"?

    As4 DB(2): It wasn't me who did the first installation (but I'm in contact with the guy) which is why I don't understand your statement very well - how do you check if this is a problem (DB2 not responding etc.)?

    Okay, if you are logging in successfully to the Process Center, then clearly it isn't a password problem.  And assuming you are seeing some PA/TK in the Process Center, there isn't a DB problem.

    For server startup you want to look at the SystemOut.log file for the server as it starts up and see if there are any errors in there.  But I was anticipating a DB problem, which it doesn't seem is the case for you.

    Check the TeamworksConfiguration.running.xml on your server and see if the various urls under the "authoring-environment" element match what you are using in the browser. 

    Andrew Paier  |  Director  |  BP3 Global, Inc.
    BP3 Global's Website  |  Twitter  |  Linkedin  |  Google+  |  Blogs

  • Castiel
    Castiel
    19 Posts

    Re: SIAuthenticationException (Process Designer log on)

    ‏2013-08-08T08:51:35Z  

    Okay, if you are logging in successfully to the Process Center, then clearly it isn't a password problem.  And assuming you are seeing some PA/TK in the Process Center, there isn't a DB problem.

    For server startup you want to look at the SystemOut.log file for the server as it starts up and see if there are any errors in there.  But I was anticipating a DB problem, which it doesn't seem is the case for you.

    Check the TeamworksConfiguration.running.xml on your server and see if the various urls under the "authoring-environment" element match what you are using in the browser. 

    Andrew Paier  |  Director  |  BP3 Global, Inc.
    BP3 Global's Website  |  Twitter  |  Linkedin  |  Google+  |  Blogs

    This specific problem has been solved (see the accepted answer on https://www.ibm.com/developerworks/community/forums/html/topic?id=83168e27-8b34-4103-bd7c-7a36d3d7075a#cb8ada4a-b6d7-4a48-8b7a-76f52337ed4e ). Briefly, I changed enodeName.

    Now there's a new error. If you had time & willingness, I'd b only glad:

    https://www.ibm.com/developerworks/community/forums/html/topic?id=888f1923-5764-4786-a56d-498fae5422a0

    Thanks to everyone! :-)